The Red Hat Secure Web Server, which is what this URL refers to, is RedHat's
RSA-licensed version of Apache+mod_ssl. The software cannot be recompiled,
since the crypto library is statically compiled in and they don't provide
source for it (because of their license w/ RSA). They provide source for
the apache server, but this is only helpful for the rare instances of third
party modules that require the apache source to compile and can run as
DSO's. The RSA license that comes with RHSWS states quite plainly that no
rights are granted WRT the RSA algorithms except for use with this
particulary binary.
OpenSSL is a full crypto/ssl toolkit. You can develop secure applications
with it that have nothing to do with the web, but that do (or do not) use
the RSA algorithms. You can use it with Apache to implement an SSL-enabled
webserver that you can recompile freely. You can modify it to fix bugs or
add features. But you can't do any of these things in the US if you see one
penny from these activities in any way, shape, or form and haven't paid RSA
somewhere in the tens of thousands of dollars.
Dave Neuer
-----Original Message-----
From: Michael J. Markowitz <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Monday, July 12, 1999 3:31 PM
Subject: Re: Legalities of Using openssl in the US
>
>According to the package, the Redhat Linux "extra" bundle currently on
>the shelves of your local computer retailer here in the US contains
>Apache-OpenSSL-SSLeay and a "Single Server Advanced Cryptography
>License from RSA Data Security" for US$100. "This product also
>includes software developed by Ben Laurie for use in the Apache-SSL
>HTTP server, Ralf Engelschall from his mod_ssl project, and
>cryptographic software written by Eric Young."
>
>See:
http://store.redhat.com/commerce/store.cgi?page=/more_ao_webserver.html
>
>I don't know if there are any hidden "non-commercial use" restrictions
>inside the box (nor whether this is based on RSAref or BSAFE), but
>in any case, this seems to peg the price of an RSA license at
>$20/server which is not a "large sum."
>
>-mjm
>
>==========
>Michael J. Markowitz, Ph.D. Email: [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
